8 One-Click Actions that put your Cryptocurrency at Risk

Written by noprofile | Published 2019/07/26

The Internet is undoubtedly fun; it’s full of cat gifs, absurdly random facts, and ingeniously enlightened ideas. But for every good thing, there tends to be its evil counterpart. According to a recent study done by the University of Maryland, hackers attack a computer once every 39 seconds. That’s more than 2,200 times a day. These are automated scripts that are just running, attacking computers at random, all the time.
That’s just the generic hackers, too, who aren’t even after anything specific (yet). We’re going to throw some more numbers at you here, so ready yourself. According to another study, there are about 94 million cryptocurrency users in the United States, Australia, and Europe combined. You probably see where this is headed, right? 94 million people use cryptocurrency either on their phone, tablet, or computer, and excluding any specific attacks, they are already potentially being probed by hackers more than 2,000 times a day.
Scary, right? Don’t worry, there are plenty of things you can do to protect yourself, and ironically enough, a lot of them come in the form of things you should stop doing as well. It shouldn’t be a surprise that exchanges are a great source of information when it comes to educating yourself on this topic. They are, after all, the other half of the security equation. Right now, we’re going to highlight HitBTC and Binance in this article, as they both keep comprehensive security blogs for their users.
So without further ado, here are the eight things to pay attention to:

1. Copy-paste exploit

Have you ever copy-pasted an address when sending or trying to receive a crypto payment? Perhaps between exchanges, to your friend, or something else? Malware (particularly on your phone) can easily intercept and paste the wrong address instead of your intended one.
Solution: Whitelisting
When sending currency from an exchange like HitBTC or Binance, you can set up a whitelist of addresses that restricts where you can send funds. This is a great option to ensure you don’t copy-paste the wrong thing. When sending from your own wallet, always triple-check every address (or at least glance at the first few and last few characters).
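The whitelist check described above, as an added Python example that is not code from HitBTC, Binance or the original article. The wallet labels and addresses are constructed placeholders. It compares the pasted address in full against the whitelist and separately flags one that matches a whitelisted address only in its first and last characters.

```python
# Added example. The addresses below are constructed placeholders, not real wallets.
WHITELIST = {
    "cold-storage": "1ExampleColdWalletAddr0000000000AbCd",
    "friend-anna": "1ExampleFriendWalletAddr00000000XyZ9",
}

def glance_match(a, b, n=4):
    """The manual check from the text: compare only the first and last n characters."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]

def check_destination(pasted, whitelist=WHITELIST):
    """Classify a pasted address before a withdrawal is submitted.

    Returns (verdict, label):
      ("allowed", label)    exact match with a whitelisted address
      ("lookalike", label)  matches a whitelisted address only at the ends
      ("blocked", None)     not on the whitelist at all
    """
    # Strip only surrounding whitespace from the paste. Do not change case:
    # many address formats are case-sensitive.
    candidate = pasted.strip()
    for label, address in whitelist.items():
        if candidate == address:
            return ("allowed", label)
    for label, address in whitelist.items():
        if glance_match(candidate, address):
            return ("lookalike", label)
    return ("blocked", None)

def clipboard_changed(copied, pasted):
    """True when what arrives in the form differs from what was copied."""
    return copied.strip() != pasted.strip()
```

A "lookalike" verdict is the case a quick glance would have let through, which is why the exact comparison runs first.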

2. Malicious software

There are two exploits common with malicious software: hacked/fraudulent mobile apps and browser extensions. What happens here is basically an app on your phone or a browser extension accesses your 2FA, your passwords, your private keys, and so much more.
Solution: Be smart about downloads
When it comes to mobile apps and browser extensions, the former is easy: don’t download any apps onto your phone that you aren’t 100% sure about, even if they have nothing to do with crypto. The latter is even easier: don’t install browser extensions in the browser you use for crypto. If you HAVE to, then do everything you possibly can to ensure that they are 100% legit. If you want more info, check out HitBTC’s blog.

3. Slack/Telegram/social media hacking bots

Hacking is a strong term here; what these bots actually do is convince users that the bots are authentic support or staff members. The users then interact with the bots (let’s say, from “Binance_Customer_Support”) and give the bot/hacker crucial information during the interaction, such as their username and password.
Solution: Limit interactions
As you should do with many things in your life (always call your bank back at their listed number, for instance), double-check that the “support” or “official” user you are interacting with is actually legit. Here are some things real companies will never ask for: login ID and password together, to send coins anywhere to “access” help, private keys, the amount of crypto you hold, etc.

4. Clone/Scam websites

Fake websites (often listed higher through paid advertisement) can bait users into clicking on them. These websites will look exactly like the real website (HitBTC, Binance, Metamask, etc.), but they will just be directing your information to hackers.
Solution: HTTPS
Always check to make sure that you are on a secure website. How? Easy. Look above this article: does the URL (the website address at the top of the page) have “https” before it? That is what you want to look for when accessing any website that has anything remotely to do with your crypto, your passwords, and anything else you’d rather keep secure. Those bots we mentioned before? They will often direct you to this type of insecure link while “helping” you in Telegram/Slack.
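One way to check a link before entering credentials, as an added Python example rather than anything from the original article or the exchanges. It goes beyond the “https” check in the text by also comparing the hostname with a list of hosts you trust, since the scheme only tells you the connection is encrypted, not who is on the other end. `TRUSTED_HOSTS` is an assumed list you would fill from your own bookmarks, and treating the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: hosts you have verified yourself (e.g. from your own bookmarks).
TRUSTED_HOSTS = {"hitbtc.com", "binance.com", "metamask.io"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, detail) for a link before you type credentials into it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if parts.scheme != "https":
        return ("reject", "not https")
    for trusted in TRUSTED_HOSTS:
        # Exact host or a genuine subdomain such as support.hitbtc.com.
        if host == trusted or host.endswith("." + trusted):
            return ("ok", trusted)
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("reject", "punycode label, possible look-alike characters")
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED_HOSTS:
        if edit_distance(registered, trusted) <= 2:
            return ("reject", "look-alike of " + trusted)
        if trusted in host or trusted.split(".")[0] in host:
            return ("reject", "brand name inside an unrelated host")
    return ("unknown", host)
```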

5. Accessing your saved passwords in browser/application/service

When you store your passwords on Google Passwords, Evernote, PassLock, or any other third-party software, you are basically putting all the keys to your life behind one lock. If a hacker breaks that one lock, they now have access to your email, your exchanges, your 2FA, and possibly more.
Solution: Write it down
Yeah, remembering passwords is hard, we know. It’s really hard. In fact, it’s so hard that a lot of people use password-saving programs to store everything. Heck, we do it too, it’s easy. Storing some passwords is fine, but things like private keys, exchange passwords, and more should be written down on paper. Seriously, physical paper, written by hand, with a pen, and stored somewhere safe. Don’t print them! Printers cache data and can also be hacked. Write it by hand!

6. Mobile SMS 2FA exploit

There’s no sugar-coating this: if you are using two-factor authentication sent through SMS, you’re dancing with the devil. SMS can be so easily spoofed that you are basically just asking for hackers to take your data. Yes, it is so much easier than using a dedicated 2FA app, but never locking your house or car is easier than carrying keys around. Do you do that?
Solution: Get a dedicated 2FA app
We’re going to rely on HitBTC’s blog once again here, since they have a pretty in-depth article explaining to their customers how to use 2FA with an app. The gist of it is that when setting up 2FA on your HitBTC account, you can connect that 2FA to an app like Authy or Google Authenticator to increase security. Remember, you lock your house and your car with special, specific keys, so you should do the same for your crypto investment.

7. Email phishing

This shouldn’t have to be said, as you would think that people would have learned years ago that Nigerian princes aren’t looking to give you their vast fortunes, but some of us keep falling for it. Email phishing is simple; you receive an email in your inbox that seems legitimate when in reality it either leads you to a fake website while seducing you to engage in a one-way act (sending crypto to an unknown address, for instance) or install malicious software when you click on a file in the email.
Solution: Don’t be a fish
Seriously, don’t be a fish. Americans lost $26 million to email scams in 2018; that’s a whole lot of fish - were you one of them? Safe inbox practices include: Don’t open mail from addresses you don’t recognize, especially if the subject line isn’t relevant. Don’t expect to get anything for “free” in a “giveaway” or “after you send crypto to this specific address.” Lastly, if ever in doubt, seek other opinions from people you trust.

8. Wi-fi hacking

You’re on a wi-fi network you aren’t familiar with, perhaps on your phone (everyone connects to free wi-fi, right?), and you access your crypto account. Next thing you know, your account is no longer your account. Your passwords have changed, your funds are gone, and you’re locked out. What happened is that you sent data over an unsecured network and someone was listening to that data; now it’s theirs.
Solution: Check your connections
Make sure your phone doesn’t automatically connect to a wi-fi network without your consent. More importantly, using free wi-fi is perfectly fine, but don’t transmit sensitive data over it. You wouldn’t, for instance, yell out your credit card numbers in a public place, right? That is what using unsecured wi-fi is like. You might as well be yelling out whatever it is you’re doing in a busy coffee shop. Looking at gifs of cats on unsecured wi-fi? Great, knock yourself out. Logging into HitBTC? Not a great idea.
You’ve done it, you’ve made it through eight seemingly simple tips to keep your cryptocurrency secure. Maybe none of them helped you, maybe some of them did, or maybe you are a complete doofus who just learned what the Internet is and this has been a highly educational read. No matter how helpful this article was, it’s important to walk away remembering a few things.
Exchanges can help protect your cryptocurrency only so far. The lengths they go to are vast, but it requires both the exchange and a competent user to ensure total security. HitBTC, for example, offers everything from 2FA to whitelisting, secure logins, https, IP filtering, and more, but none of that matters if you give your password away on Telegram to a user by the name of “HitBTC_Totally_Real_Support.” These tips are cumulative, of course, and the more you integrate them into your daily life, the less of a target you become. Hackers are just like everyone else: they want maximum profit with as little work as possible. All you need to do is be the least obvious target and make them work hard, so hard they don’t want to bother with you. Sounds easy enough, right?

Published by HackerNoon on 2019/07/26